@plyaz/auth 1.0.0

package/src/client/hooks/useRBAC.ts

@@ -0,0 +1,36 @@
+import { useAuth } from './useAuth';
+
+export interface UseRBACReturn {
+  hasRole: (role: string) => boolean;
+  hasAnyRole: (roles: string[]) => boolean;
+  hasAllRoles: (roles: string[]) => boolean;
+  userRoles: string[];
+  isAdmin: boolean;
+  isModerator: boolean;
+}
+
+export const useRBAC = (): UseRBACReturn => {
+  const { user } = useAuth();
+  const userRoles = user?.roles ?? [];
+
+  const hasRole = (role: string): boolean => {
+    return userRoles.includes(role);
+  };
+
+  const hasAnyRole = (roles: string[]): boolean => {
+    return roles.some(role => userRoles.includes(role));
+  };
+
+  const hasAllRoles = (roles: string[]): boolean => {
+    return roles.every(role => userRoles.includes(role));
+  };
+
+  return {
+    hasRole,
+    hasAnyRole,
+    hasAllRoles,
+    userRoles,
+    isAdmin: hasRole('ADMIN'),
+    isModerator: hasRole('MODERATOR')
+  };
+};

package/src/client/hooks/useSession.ts

@@ -0,0 +1,18 @@
+import type { Session } from "@plyaz/types";
+import { useAuthStore } from "../store/auth.store";
+
+export function useSession() : {
+    session: Session | null;
+    isValid: boolean;
+    expiresAt: Date | null;
+    refresh: () => Promise<void>;
+} {
+  const store = useAuthStore();
+
+  return {
+    session: store.session,
+    isValid: !!store.session,
+    expiresAt: store.sessionExpiry,
+    refresh: store.refreshTokens,
+  };
+}

package/src/client/providers/AuthProvider.tsx

@@ -0,0 +1,104 @@
+import type { ReactNode } from "react";
+import { createContext } from "react";
+import type { UseAuthReturn } from "../hooks/useAuth";
+import { useAuthStore } from "../store/auth.store";
+import type  { 
+  AuthCredentials, 
+  AUTHPROVIDER, 
+  ConnectedAccount, 
+  AuthAdapterUser,
+  AuthSession,
+  Tokens
+} from "@plyaz/types";
+
+/**
+ * React context for authentication.
+ * Provides user, loading, error states and authentication functions.
+ */
+export const AuthContext = createContext<UseAuthReturn | null>(null);
+
+/**
+ * AuthProvider component that wraps your app.
+ * Uses Zustand store for all authentication state and actions.
+ *
+ * @param children React children components
+ */
+export function AuthProvider({ children }: { children: ReactNode }): ReactNode {
+  const store = useAuthStore();
+
+  // Wrap actions in a helper to handle loading and errors
+  const handleAuthAction = async <T,>(
+    action: () => Promise<T>
+  ): Promise<T> => {
+    store.setLoading(true);
+    store.setError(null);
+
+    try {
+      const result = await action();
+      return result;
+    } catch (err: unknown) {
+      const errorMessage =
+        err instanceof Error ? err.message : "Authentication failed";
+      store.setError(errorMessage);
+      throw err;
+    } finally {
+      store.setLoading(false);
+    }
+  };
+
+  // Create the auth context value
+  const authValue = {
+    user: store.user,
+    isAuthenticated: store.isAuthenticated,
+    isLoading: store.isLoading,
+    error: store.error,
+
+    // Auth API actions wrapped with handleAuthAction
+    signIn: async (provider?: AUTHPROVIDER, credentials?: AuthCredentials): Promise<{
+      user: AuthAdapterUser;
+      session: AuthSession;
+      tokens: Tokens;
+    }> => {
+      return handleAuthAction(() => store.signIn(provider, credentials));
+    },
+
+    signUp: async (provider: AUTHPROVIDER, credentials:unknown, data?:unknown) => {
+      return handleAuthAction(() => store.signUp(provider, data));
+    },
+
+    signOut: async (): Promise<void> => {
+      return handleAuthAction(() => store.signOut());
+    },
+
+    linkAccount: async (userId:string,provider:AUTHPROVIDER,data:ConnectedAccount): Promise<void |ConnectedAccount> => {
+      return handleAuthAction(async () => {
+        // Create a minimal ConnectedAccount object with only required properties
+        const connectedAccount: ConnectedAccount = {
+        
+          ...data,
+          userId,
+          provider,
+          providerType: "",
+          providerAccountId: "",
+          isPrimary: false,
+          isVerified: false,
+          isActive: false,
+          linkedAt: new Date(),
+          createdAt: new Date(),
+          updatedAt: new Date()
+        };
+        store.addConnectedAccount(connectedAccount);
+      });
+    },
+
+    unlinkAccount: async (id: string): Promise<void> => {
+      return handleAuthAction(async () => store.removeConnectedAccount(id));
+    },
+  };
+
+  return (
+    <AuthContext.Provider value={authValue}>
+      {children}
+    </AuthContext.Provider>
+  );
+}

package/src/client/store/auth.store.ts

@@ -0,0 +1,306 @@
+
+import type { AuthAdapterUser, AuthCredentials, AUTHPROVIDER, AuthSession, AuthTokens,AuthUser,ConnectedAccount, Session, Tokens, } from "@plyaz/types";
+import { create } from "zustand";
+import { persist, subscribeWithSelector } from "zustand/middleware";
+import type { AuthPermissions } from "../hooks/useAuth";
+
+
+interface AuthState {
+  // User & Authentication
+  user: AuthPermissions | null;
+  tokens: AuthTokens | null;
+  isAuthenticated: boolean;
+  isLoading: boolean;
+
+  // Session Management
+  session: Session | null;
+  sessionExpiry: Date | null;
+
+  // Connected Accounts
+  connectedAccounts: ConnectedAccount[];
+
+  // Permissions & Roles
+  permissions: string[];
+  roles: string[];
+
+  // UI State
+  lastActivity: Date | null;
+  rememberMe: boolean;
+
+  // Error State
+  error: string | null;
+}
+
+
+
+export interface AuthActions {
+  // User Management
+  setUser: (user: AuthUser | null) => void;
+  updateUser: (updates: Partial<AuthUser>) => void;
+
+  // Token Management
+  setTokens: (tokens: AuthTokens | null) => void;
+  refreshTokens: () => Promise<void>;
+
+  // Session Management
+  setSession: (session: Session | null) => void;
+  updateLastActivity: () => void;
+
+  // Connected Accounts
+  setConnectedAccounts: (accounts: ConnectedAccount[]) => void;
+  addConnectedAccount: (account: ConnectedAccount) => void;
+  removeConnectedAccount: (accountId: string) => void;
+
+  // Permissions & Roles
+  setPermissions: (permissions: string[]) => void;
+  setRoles: (roles: string[]) => void;
+  hasPermission: (permission: string) => boolean;
+  hasRole: (role: string) => boolean;
+  
+  // Authentication Actions
+  signIn: (provider?: AUTHPROVIDER, credentials?: AuthCredentials) => Promise<{
+    user: AuthAdapterUser;
+    session: AuthSession;
+    tokens: Tokens;
+  }>;
+  signUp: (provider: AUTHPROVIDER, data?: unknown) => Promise<void>;
+  signOut: () => Promise<void>;
+
+  // State Management
+  setLoading: (loading: boolean) => void;
+  setError: (error: string | null) => void;
+  clearError: () => void;
+
+  // Utility
+  reset: () => void;
+}
+
+const initialState: AuthState = {
+  user: null,
+  tokens: null,
+  isAuthenticated: false,
+  isLoading: true,
+  session: null,
+  sessionExpiry: null,
+  connectedAccounts: [],
+  permissions: [],
+  roles: [],
+  lastActivity: null,
+  rememberMe: false,
+  error: null,
+};
+
+export const useAuthStore = create<AuthState & AuthActions>()(
+  subscribeWithSelector(
+    persist(
+      // eslint-disable-next-line max-lines-per-function
+      (set, get) => ({
+        ...initialState,
+
+        // User Management
+        setUser: (user) =>
+          set({
+            user,
+            isAuthenticated: !!user,
+            error: null,
+          }),
+
+        updateUser: (updates) => {
+          const { user } = get();
+          if (user) {
+            set({ user: { ...user, ...updates } });
+          }
+        },
+
+        // Token Management
+        setTokens: (tokens) => set({ tokens }),
+
+        refreshTokens: async () => {
+          const { tokens } = get();
+          if (!tokens?.refreshToken) return;
+
+          try {
+            const response = await globalThis.fetch("/api/auth/refresh", {
+              method: "POST",
+              headers: { "Content-Type": "application/json" },
+              body: JSON.stringify({ refreshToken: tokens.refreshToken }),
+            });
+
+            if (response.ok) {
+              const newTokens = (await response.json()) as AuthTokens;
+              set({ tokens: newTokens });
+            } else {
+              // Refresh failed, sign out
+              await get().signOut();
+            }
+          } catch (error: unknown) {
+            globalThis.console.log(error)
+         await   get().signOut();
+          }
+        },
+
+        // Session Management
+        setSession: (session) =>
+          set({
+            session,
+            sessionExpiry: session?.expiresAt
+              ? new Date(session.expiresAt)
+              : null,
+          }),
+
+        updateLastActivity: () => set({ lastActivity: new Date() }),
+
+        // Connected Accounts
+        setConnectedAccounts: (connectedAccounts) => set({ connectedAccounts }),
+
+        addConnectedAccount: (account) => {
+          const { connectedAccounts } = get();
+          set({ connectedAccounts: [...connectedAccounts, account] });
+        },
+
+        removeConnectedAccount: (accountId) => {
+          const { connectedAccounts } = get();
+          set({
+            connectedAccounts: connectedAccounts.filter(
+              (acc) => acc.id !== accountId
+            ),
+          });
+        },
+
+        // Permissions & Roles
+        setPermissions: (permissions) => set({ permissions }),
+        setRoles: (roles) => set({ roles }),
+
+        hasPermission: (permission) => {
+          const { permissions } = get();
+          return permissions.includes(permission);
+        },
+
+        hasRole: (role) => {
+          const { roles } = get();
+          return roles.includes(role);
+        },
+
+        // Authentication Actions
+        signUp: async (provider, data?: unknown) => {
+          set({ isLoading: true, error: null });
+          try {
+            const endpoint = provider
+              ? `/api/auth/signup/${provider}`
+              : "/api/auth/signup";
+            const response = await globalThis.fetch(endpoint, {
+              method: "POST",
+              headers: { "Content-Type": "application/json" },
+              body: JSON.stringify(data),
+            });
+
+            if (!response.ok) {
+              const errorData = (await response.json()) as { message?: string };
+              throw new Error(errorData.message ?? "Sign up failed");
+            }
+
+            const responseData = (await response.json()) as {
+              user: AuthUser;
+              tokens: AuthTokens;
+              session: Session;
+            };
+            const { user, tokens, session } = responseData;
+            set({
+              user,
+              tokens,
+              session,
+              isAuthenticated: true,
+              lastActivity: new Date(),
+            });
+          } catch (error: unknown) {
+            const errorMessage =
+              error instanceof Error ? error.message : "Sign up failed";
+            set({ error: errorMessage });
+          } finally {
+            set({ isLoading: false });
+          }
+        },
+       signIn: async (provider, credentials) => {
+  set({ isLoading: true, error: null });
+  try {
+    const endpoint = provider
+      ? `/api/auth/signin/${provider}`
+      : "/api/auth/signin";
+    const response = await globalThis.fetch(endpoint, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(credentials),
+    });
+
+    if (!response.ok) {
+      const errorData = (await response.json()) as { message?: string };
+      throw new Error(errorData.message ?? "Sign in failed");
+    }
+
+    const data = (await response.json()) as {
+      user: AuthUser;
+      tokens: AuthTokens;
+      session: Session;
+    };
+    const { user, tokens, session } = data;
+    
+    // Update the store state
+    set({
+      user,
+      tokens,
+      session,
+      isAuthenticated: true,
+      lastActivity: new Date(),
+    });
+    
+    // Return the expected object with proper types
+    return {
+      user: user as AuthAdapterUser, // Cast to match expected type
+      session: session as AuthSession, // Cast to match expected type
+      tokens: tokens as Tokens, // Cast to match expected type
+    };
+  } catch (error: unknown) {
+    const errorMessage =
+      error instanceof Error ? error.message : "Sign in failed";
+    set({ error: errorMessage });
+    // Re-throw the error to maintain the Promise rejection
+    throw error;
+  } finally {
+    set({ isLoading: false });
+  }
+},
+
+        signOut: async () => {
+          set({ isLoading: true });
+          try {
+            await globalThis.fetch("/api/auth/signout", { method: "POST" });
+            set(initialState);
+          } catch (error: unknown) {
+            const errorMessage =
+              error instanceof Error ? error.message : "Sign out failed";
+            set({ error: errorMessage });
+          } finally {
+            set({ isLoading: false });
+          }
+        },
+
+        // State Management
+        setLoading: (isLoading) => set({ isLoading }),
+        setError: (error) => set({ error }),
+        clearError: () => set({ error: null }),
+
+        // Utility
+        reset: () => set(initialState),
+      }),
+      {
+        name: "auth-storage",
+        partialize: (state) => ({
+          user: state.user,
+          tokens: state.tokens,
+          rememberMe: state.rememberMe,
+          connectedAccounts: state.connectedAccounts,
+        }),
+      }
+    )
+  )
+);

package/src/client/utils/storage.ts

@@ -0,0 +1,70 @@
+/* eslint-disable @typescript-eslint/explicit-function-return-type */
+/**
+ * @fileoverview Storage utility for client-side operations
+ * @module @plyaz/auth/client/utils/storage
+ */
+
+class StorageManager {
+  private get storage() {
+    return typeof globalThis !== 'undefined' ? (globalThis ).localStorage : null;
+  }
+
+  getItem(key: string): string | null {
+    if (!this.storage) return null;
+    try {
+      return this.storage.getItem(key);
+    } catch (error) {
+      if (error instanceof DOMException && error.name === 'QuotaExceededError') {
+        globalThis.console.warn('localStorage quota exceeded:', error);
+      } else if (error instanceof DOMException && error.name === 'SecurityError') {
+         globalThis.console.warn('localStorage access denied (private browsing):', error);
+      } else {
+         globalThis.console.warn('localStorage.getItem failed:', error);
+      }
+      return null;
+    }
+  }
+
+  setItem(key: string, value: string): void {
+    if (!this.storage) return;
+    try {
+      this.storage.setItem(key, value);
+    } catch (error) {
+      if (error instanceof DOMException && error.name === 'QuotaExceededError') {
+         globalThis.console.warn('localStorage quota exceeded, cannot save:', error);
+      } else if (error instanceof DOMException && error.name === 'SecurityError') {
+         globalThis.console.warn('localStorage access denied (private browsing):', error);
+      } else {
+         globalThis.console.warn('localStorage.setItem failed:', error);
+      }
+    }
+  }
+
+  removeItem(key: string): void {
+    if (!this.storage) return;
+    try {
+      this.storage.removeItem(key);
+    } catch (error) {
+      if (error instanceof DOMException && error.name === 'SecurityError') {
+         globalThis.console.warn('localStorage access denied (private browsing):', error);
+      } else {
+         globalThis.console.warn('localStorage.removeItem failed:', error);
+      }
+    }
+  }
+
+  clear(): void {
+    if (!this.storage) return;
+    try {
+      this.storage.clear();
+    } catch (error) {
+      if (error instanceof DOMException && error.name === 'SecurityError') {
+        globalThis. console.warn('localStorage access denied (private browsing):', error);
+      } else {
+         globalThis.console.warn('localStorage.clear failed:', error);
+      }
+    }
+  }
+}
+
+export const storage = new StorageManager();

package/src/common/constants/oauth-providers.ts

@@ -0,0 +1,49 @@
+// /**
+//  * @fileoverview OAuth provider constants for @plyaz/auth
+//  * @module @plyaz/auth/constants/oauth-providers
+//  * 
+//  * @description
+//  * Defines supported OAuth providers and their configurations.
+//  * Used by adapters, strategies, and frontend components to handle
+//  * OAuth authentication flows. Provides standardized provider names
+//  * and metadata for consistent provider handling.
+//  * 
+//  * @example
+//  * ```typescript
+//  * import { OAUTH_PROVIDERS, OAuthProviderConfig } from '@plyaz/auth';
+//  * 
+//  * const googleConfig = OAUTH_PROVIDER_CONFIGS[OAUTH_PROVIDERS.GOOGLE];
+//  * const authUrl = `${googleConfig.authUrl}?client_id=${clientId}`;
+//  * ```
+//  */
+
+import { OAUTH_PROVIDER_CONFIGS } from "@plyaz/config";
+import type { OAuthProvider, OAuthProviderConfig } from "@plyaz/types";
+import { OAUTH_PROVIDERS } from "@plyaz/types";
+
+
+/**
+ * Get OAuth provider configuration by provider name
+ * @param provider - OAuth provider name
+ * @returns Provider configuration or null if not found
+ */
+export function getOAuthProviderConfig(provider: string): OAuthProviderConfig | null {
+  return OAUTH_PROVIDER_CONFIGS[provider as OAuthProvider] || null;
+}
+
+/**
+ * Check if provider is supported
+ * @param provider - Provider name to check
+ * @returns True if provider is supported
+ */
+export function isOAuthProviderSupported(provider: string): provider is OAuthProvider {
+  return Object.values(OAUTH_PROVIDERS).includes(provider as OAuthProvider);
+}
+
+/**
+ * Get all supported OAuth provider names
+ * @returns Array of supported provider names
+ */
+export function getSupportedOAuthProviders(): OAuthProvider[] {
+  return Object.values(OAUTH_PROVIDERS);
+}

package/src/common/errors/auth.errors.ts

@@ -0,0 +1,64 @@
+// /**
+//  * @fileoverview Authentication error classes for @plyaz/auth
+//  * @module @plyaz/auth/errors
+//  * 
+//  * @description
+//  * Defines custom error classes for authentication and authorization failures.
+//  * These errors provide structured error information for proper error handling
+//  * throughout the authentication system. Includes both specific error classes
+//  * and legacy compatibility classes.
+//  * 
+//  * @example
+//  * ```typescript
+//  * import { InvalidCredentialsError, TokenExpiredError } from '@plyaz/auth';
+//  * 
+//  * throw new InvalidCredentialsError('Invalid email or password');
+//  * throw new TokenExpiredError('Access token has expired');
+//  * ```
+//  */
+
+// // Re-export all specific error classes
+
+// // Legacy error classes for backward compatibility
+// export class AuthError extends Error {
+//   constructor(message: string, public code: string) {
+//     super(message);
+//     this.name = 'AuthError';
+//   }
+// }
+
+// export class AuthenticationError extends AuthError {
+//   constructor(message = 'Authentication failed') {
+//     super(message, 'AUTH_FAILED');
+//   }
+// }
+
+// export class AuthorizationError extends AuthError {
+//   constructor(message = 'Access denied') {
+//     super(message, 'ACCESS_DENIED');
+//   }
+// }
+
+// export class TokenExpiredError extends AuthError {
+//   constructor(message = 'Token has expired') {
+//     super(message, 'TOKEN_EXPIRED');
+//   }
+// }
+
+// export class InvalidTokenError extends AuthError {
+//   constructor(message = 'Invalid token') {
+//     super(message, 'INVALID_TOKEN');
+//   }
+// }
+
+// export class SessionNotFoundError extends AuthError {
+//   constructor(message = 'Session not found') {
+//     super(message, 'SESSION_NOT_FOUND');
+//   }
+// }
+
+// export class UserNotFoundError extends AuthError {
+//   constructor(message = 'User not found') {
+//     super(message, 'USER_NOT_FOUND');
+//   }
+// }